cisco.meraki.meraki_mx_l7_firewall - Manage MX appliance layer 7 firewalls in the Meraki cloud
Collection: cisco.meraki 1.4.0 (module)
Author: Kevin Breit (@kbreit)
Status: preview | supported by community
Install the collection with: ansible-galaxy collection install cisco.meraki:==1.4.0
Or pin it in a requirements.yml:
  collections:
    - name: cisco.meraki
      version: 1.4.0
Creates, modifies and queries the layer 7 firewall rules of a network's Meraki MX security appliance through the Meraki dashboard API. It can also list the applications and application categories that layer 7 rules can reference.
Examples

  - name: Query firewall rules
    meraki_mx_l7_firewall:
      auth_key: abc123
      org_name: YourOrg
      net_name: YourNet
      state: query
    delegate_to: localhost

  - name: Query applications and application categories
    meraki_mx_l7_firewall:
      auth_key: abc123
      org_name: YourOrg
      net_name: YourNet
      categories: yes
      state: query
    delegate_to: localhost

  - name: Set firewall rules
    meraki_mx_l7_firewall:
      auth_key: abc123
      org_name: YourOrg
      net_name: YourNet
      state: present
      rules:
        - type: whitelisted_countries
          countries:
            - US
            - FR
        - type: blacklisted_countries
          countries:
            - CN
        - policy: deny
          type: port
          port: 8080
        - type: port
          port: 1234
        - type: host
          host: asdf.com
        - type: application
          application:
            id: meraki:layer7/application/205
        - type: application_category
          application:
            id: meraki:layer7/category/24
    delegate_to: localhost

Notes on the examples: auth_key is a dashboard API key with write access to the whole organization, so do not commit a literal value like abc123 to a playbook; export it as MERAKI_KEY on the controller (the module falls back to that variable) or supply it from an Ansible Vault variable. The rules list given with state: present is sent as the network's complete ordered rule set, so a rule that is missing from the list is removed from the appliance.
Parameters

  host (str, default: api.meraki.com)
    Hostname of the Meraki dashboard API. Can be used to reach regional Meraki environments, such as China.

  rules (list of dict)
    List of layer 7 firewall rules, in the order they are evaluated. Suboptions:
      type (str, choices: application, application_category, blacklisted_countries, host, ip_range, port, whitelisted_countries)
        Type of rule; it determines which of the other suboptions carries the rule's value.
      policy (str, choices: deny; default: deny)
        Policy to apply when the rule matches. Layer 7 rules can only deny.
      application (dict)
        Application (for type application) or application category (for type application_category) to filter.
          id (str): URI of the application or category as defined by Meraki, for example meraki:layer7/application/205 or meraki:layer7/category/24.
          name (str): Name of the application or category as defined by Meraki.
      countries (list of str)
        Countries to whitelist or blacklist (for type whitelisted_countries or blacklisted_countries), as two-letter ISO 3166-1 alpha-2 codes.
      host (str)
        FQDN of the host to filter (for type host).
      ip_range (str)
        Range of IP addresses in CIDR notation to apply the rule to (for type ip_range). A port can be appended to the range with a ":".
      port (str)
        TCP or UDP port to filter (for type port).

  state (str, choices: present, query; default: present)
    Query the current rules (query) or set the rule list (present).

  net_id (str)
    ID of the network the MX firewall is in.

  org_id (str)
    ID of the organization.

  timeout (int, default: 30)
    Timeout in seconds for HTTP requests.

  auth_key (str, required)
    Authentication key provided by the dashboard. Required unless the environment variable MERAKI_KEY is set.

  net_name (str)
    Name of the network the MX firewall is in.

  org_name (str, aliases: organization)
    Name of the organization.

  use_https (bool, default: true)
    If no, plain HTTP is used instead of HTTPS. That sends the API key in clear text; the option is only useful for internal Meraki developers.

  use_proxy (bool)
    If no, no proxy is used, even if one is defined in an environment variable on the target hosts.

  categories (bool)
    When true, the applications and application categories that rules can reference are queried instead of the firewall rules.

  output_level (str, choices: debug, normal; default: normal)
    Amount of debug output during module execution.

  output_format (str, choices: snakecase, camelcase; default: snakecase)
    Whether response keys are returned in snake case (e.g. net_id) or camel case (e.g. netId).

  validate_certs (bool, default: true)
    Whether to validate the dashboard's TLS certificate. Leave this enabled: with validation off, an on-path attacker can present its own certificate and read the API key.

  rate_limit_retry_time (int, default: 165)
    Number of seconds to keep retrying if the rate limiter is triggered.

  internal_error_retry_time (int, default: 60)
    Number of seconds to keep retrying if the server returns an internal server error.
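The rules suboptions above are loosely typed (port and ip_range are plain strings, countries are free-form list entries), so a typo reaches the dashboard as a rule that silently blocks more or less than intended. The following added example, which is not code from the cisco.meraki collection, checks a rules list written in the module's own format (the same shape as the "Set firewall rules" example) before a play sends it, and translates it into the rule objects the dashboard stores. The {policy, type, value} rule shape and the camelCase type names (applicationCategory, ipRange, blacklistedCountries, whitelistedCountries) are taken from the return values on this page and the Meraki dashboard API; they are stated as assumptions in the code.

```python
"""Validate a meraki_mx_l7_firewall `rules` list and translate it to the
{"policy", "type", "value"} rule shape with camelCase type names.

Added example, not part of the cisco.meraki collection.  Assumption: that
rule shape is what the dashboard API stores (the page's return values use
the same camelCase names); the URI forms follow the page's examples
(meraki:layer7/application/205, meraki:layer7/category/24).
"""
import ipaddress
import json
import re

# Module `type` choices -> API type names (assumed camelCase, see docstring).
TYPE_MAP = {
    "application": "application",
    "application_category": "applicationCategory",
    "host": "host",
    "port": "port",
    "ip_range": "ipRange",
    "blacklisted_countries": "blacklistedCountries",
    "whitelisted_countries": "whitelistedCountries",
}
# Which rule suboption carries the value for each type.
VALUE_KEY = {
    "application": "application", "application_category": "application",
    "host": "host", "port": "port", "ip_range": "ip_range",
    "blacklisted_countries": "countries", "whitelisted_countries": "countries",
}

_COUNTRY = re.compile(r"^[A-Z]{2}$")  # ISO 3166-1 alpha-2
_FQDN = re.compile(r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")
_APP_URI = re.compile(r"^meraki:layer7/(application|category)/\d+$")


class RuleError(ValueError):
    """A rule that must not be sent to the dashboard."""


def _port(value):
    try:
        port = int(str(value))
    except ValueError:
        raise RuleError(f"port is not a number: {value!r}") from None
    if not 1 <= port <= 65535:
        raise RuleError(f"port out of range: {port}")
    return str(port)


def _ip_range(value):
    """CIDR range, optionally followed by ':port'.  Strict parsing rejects a
    prefix with host bits set (10.0.0.5/24) instead of widening it to the /24."""
    value = str(value)
    try:
        return str(ipaddress.ip_network(value))
    except ValueError:
        pass
    m = re.match(r"^(.+):(\d+)$", value)
    if not m:
        raise RuleError(f"bad ip_range: {value!r}")
    try:
        net = ipaddress.ip_network(m.group(1))
    except ValueError as exc:
        raise RuleError(f"bad ip_range: {exc}") from None
    return f"{net}:{_port(m.group(2))}"


def _countries(value):
    if not isinstance(value, list) or not value:
        raise RuleError("countries must be a non-empty list")
    codes = {str(c).upper() for c in value}
    bad = sorted(c for c in codes if not _COUNTRY.match(c))
    if bad:
        raise RuleError(f"not ISO 3166-1 alpha-2: {bad}")
    return sorted(codes)


def _application(value, kind):
    """kind is 'application' or 'category'; a given id must be a URI of that kind."""
    if not isinstance(value, dict) or not (value.get("id") or value.get("name")):
        raise RuleError("application needs an id or a name")
    out = {}
    if value.get("id"):
        m = _APP_URI.match(str(value["id"]))
        if not m or m.group(1) != kind:
            raise RuleError(f"not a {kind} URI: {value['id']!r}")
        out["id"] = value["id"]
    if value.get("name"):
        out["name"] = str(value["name"])
    return out


def to_api_rules(rules):
    """Return the ordered API rule list, or raise RuleError on the first bad rule."""
    payload, seen = [], set()
    for i, rule in enumerate(rules):
        rtype = rule.get("type")
        if rtype not in TYPE_MAP:
            raise RuleError(f"rule {i}: unknown type {rtype!r}")
        if rule.get("policy", "deny") != "deny":
            raise RuleError(f"rule {i}: layer 7 rules can only deny")
        raw = rule.get(VALUE_KEY[rtype])
        if raw is None:
            raise RuleError(f"rule {i}: {rtype} needs {VALUE_KEY[rtype]}")
        if rtype == "port":
            value = _port(raw)
        elif rtype == "ip_range":
            value = _ip_range(raw)
        elif rtype == "host":
            value = str(raw).lower().rstrip(".")
            if not _FQDN.match(value):
                raise RuleError(f"rule {i}: not an FQDN: {raw!r}")
        elif rtype in ("blacklisted_countries", "whitelisted_countries"):
            value = _countries(raw)
        else:
            value = _application(raw, "application" if rtype == "application" else "category")
        key = json.dumps([TYPE_MAP[rtype], value], sort_keys=True)
        if key in seen:
            raise RuleError(f"rule {i}: duplicate of an earlier rule")
        seen.add(key)
        payload.append({"policy": "deny", "type": TYPE_MAP[rtype], "value": value})
    return payload


def is_valid(rules):
    """Pre-flight check: True if to_api_rules() accepts the whole list."""
    try:
        to_api_rules(rules)
    except RuleError:
        return False
    return True
```

Run it from a pre-task (for instance through a small custom filter or an assert on a lookup) against the same rules variable the play hands to meraki_mx_l7_firewall; a RuleError stops the play before a rule with a port of 70000, a country code of "USA" or a /24 written with host bits set ever reaches the appliance.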
Return values

  data (complex, returned: success)
    Firewall rules, or applications and categories, associated with the network.
      application_categories (list, returned: success, when querying applications with categories: yes)
        List of application categories and the applications within each of them.
          id (str): URI of the application category. Sample: meraki:layer7/category/1
          name (str): Descriptive name of the application category. Sample: Email
          applications (list): Applications within the category.
              id (str): URI of the application. Sample: meraki:layer7/application/4
              name (str): Descriptive name of the application. Sample: Gmail
      rules (list, returned: success, when not querying applications)
        Ordered list of firewall rules.
          applicationCategory (list): Application category matched by an application_category rule.
              id (str): URI of the application category. Sample: meraki:layer7/category/1
              name (str): Descriptive name of the application category. Sample: Email
          applications (list): Application matched by an application rule.
              id (str): URI of the application. Sample: meraki:layer7/application/4
              name (str): Descriptive name of the application. Sample: Gmail
          blacklistedCountries (str): Countries to be blacklisted. Sample: RU
          ipRange (str): Range of IP addresses in the rule. Sample: 1.1.1.0/23
          policy (str): Action applied when the rule is hit. Sample: deny
          port (str): Port number in the rule. Sample: 23
          type (str): Type of the rule. Sample: applications
          whitelistedCountries (str): Countries to be whitelisted. Sample: CA
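A state: query run returns the rule set the appliance is actually enforcing, which makes it the natural input for a drift check: anyone with dashboard access can edit layer 7 rules by hand, and a scheduled query compared against the rules a playbook is meant to enforce catches that. The following added example, which is not part of the cisco.meraki collection, does that comparison over a constructed query result. It assumes the queried rules come back under data.rules in the dashboard API's {policy, type, value} shape that the module passes through (the return-value list above describes the same fields per rule type); the sample data is constructed, not captured from a real network.

```python
"""Compare the rules returned by a `state: query` run with the rules a
playbook is meant to enforce, to catch rules edited by hand in the dashboard.

Added example, not part of the cisco.meraki collection.  Assumption: the
queried rules sit under data.rules in the dashboard API's
{"policy", "type", "value"} shape with camelCase type names.
"""
import json

# Constructed sample of a query result.  Compared with DESIRED below, RU has
# been dropped from the blocked countries, the port rule is gone and a host
# rule nobody reviewed has appeared.
QUERIED = {"rules": [
    {"policy": "deny", "type": "applicationCategory",
     "value": {"id": "meraki:layer7/category/24", "name": "(filled in by the dashboard)"}},
    {"policy": "deny", "type": "blacklistedCountries", "value": ["CN"]},
    {"policy": "deny", "type": "host", "value": "asdf.com"},
]}

# What the playbook's `rules` option is meant to result in (same shape).
DESIRED = [
    {"policy": "deny", "type": "applicationCategory",
     "value": {"id": "meraki:layer7/category/24"}},
    {"policy": "deny", "type": "blacklistedCountries", "value": ["CN", "RU"]},
    {"policy": "deny", "type": "port", "value": "8080"},
]


def rule_key(rule):
    """Order-independent identity of one rule: application objects compare by
    id only (the dashboard adds `name` itself), country lists by sorted codes."""
    value = rule.get("value")
    if isinstance(value, dict):
        value = {"id": value.get("id")}
    elif isinstance(value, list):
        value = sorted(str(v).upper() for v in value)
    return json.dumps({"policy": rule.get("policy"), "type": rule.get("type"),
                       "value": value}, sort_keys=True)


def drift(queried, desired):
    """Rules missing from and unexpected in the queried set, as sorted key lists."""
    have = {rule_key(r) for r in queried}
    want = {rule_key(r) for r in desired}
    return {"missing": sorted(want - have), "unexpected": sorted(have - want)}


def in_sync(queried, desired):
    """True when the appliance enforces exactly the desired rule set."""
    d = drift(queried, desired)
    return not d["missing"] and not d["unexpected"]


if __name__ == "__main__":
    for kind, keys in drift(QUERIED["rules"], DESIRED).items():
        for key in keys:
            print(kind, key)
```

Because every layer 7 rule is a deny, the order of the rules does not change what is blocked, so a set comparison is enough here; the natural follow-up to a non-empty "unexpected" list is a state: present run with the desired rules, which replaces the whole rule set.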